Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

524 advisories

Loading
Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options Moderate
CVE-2024-25149 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner Moderate
CVE-2023-6152 was published for github.com/grafana/grafana (Go) Feb 13, 2024
negrel
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module Moderate
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024
derhansen
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions Critical
CVE-2024-25108 was published for pixelfed/pixelfed (Composer) Feb 12, 2024
ThisIsMissEm nivenly-foundation
OpenRefine JDBC Attack Vulnerability High
CVE-2024-23833 was published for org.openrefine:database (Maven) Feb 12, 2024
l0n3rs
Mattermost Jira Plugin does not properly check security levels Moderate
CVE-2024-24774 was published for github.com/mattermost/mattermost-plugin-jira (Go) Feb 9, 2024
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes Moderate
CVE-2024-22208 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Buildkit's interactive containers API does not validate entitlements check Critical
CVE-2024-23653 was published for github.com/moby/buildkit (Go) Jan 31, 2024
rmcnamara-snyk
No permission checks for editing/deleting records with CSV import form Moderate
CVE-2023-49783 was published for silverstripe/admin (Composer) Jan 23, 2024
GuySartorelli
changedetection.io API endpoint is not secured with API token Low
CVE-2024-23329 was published for changedetection.io (pip) Jan 23, 2024
rozpuszczalny
View permissions are bypassed for paginated lists of ORM data Moderate
CVE-2023-44401 was published for silverstripe/graphql (Composer) Jan 23, 2024
juzawebCMS Incorrect Access Control vulnerability Moderate
CVE-2023-46906 was published for juzaweb/cms (Composer) Jan 9, 2024
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
Velocity execution without script right through tree macro High
CVE-2023-50732 was published for org.xwiki.platform:xwiki-platform-index-tree-macro (Maven) Dec 19, 2023
Apache Superset incorrect write permissions vulnerability High
CVE-2023-49734 was published for apache-superset (pip) Dec 19, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50777 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Privilege Escalation using Spoofing Moderate
CVE-2023-49273 was published for Umbraco.CMS (NuGet) Dec 13, 2023
jerpenol
Backoffice User can bypass "Publish" restriction Low
CVE-2023-48227 was published for Umbraco.CMS (NuGet) Dec 13, 2023
roie-shmuel
Apache Superset - Elevation of Privilege High
CVE-2023-40610 was published for apache-superset (pip) Nov 28, 2023
Duplicate Advisory: Apache Superset - Elevation of Privilege Moderate
GHSA-392c-vjfv-h7wr was published for apache-superset (pip) Nov 27, 2023 withdrawn
Bypass of field access control in strapi-plugin-protected-populate Moderate
CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) Nov 20, 2023
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
XWiki Platform privilege escalation from script right to programming right through title displayer Critical
CVE-2023-46244 was published for org.xwiki.platform:xwiki-platform-display-api (Maven) Nov 7, 2023
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database